I want to use file_get_contents to implement a proxy so I can do ajax cross domain requests.

Querystring will be used to supply the URL to file_get_contents. Now the problem is people can muck around with the querystring in order to read local files on the server. I don't want this. Can someone get me a function to sanitize the querystring in order to accept only URLs and not local files, i.e.:

?url=http://google.com.au - OK

?url=./passwords.txt - Not OK

+1  A: 
$url = filter_var($_GET['url'], FILTER_SANITIZE_URL);

or

if($_GET['url'] === filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
    // ... your stuff here ...
}
Serty Oan
I ended up using: FILTER_VALIDATE_URL and FILTER_FLAG_SCHEME_REQUIRED. Never heard of this function... quite handy, thanks.
Luis
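
An added example, not part of the original answer or comment: FILTER_VALIDATE_URL rejects relative paths like ./passwords.txt but still accepts file:// and other schemes, so a proxy should also pin the scheme to http/https and, ideally, the host to an allowlist. The names proxy_target, proxy_fetch and ALLOWED_HOSTS are hypothetical, and the allowlist entries and sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only hosts this proxy is meant to reach.
const ALLOWED_HOSTS = ['google.com.au', 'www.google.com.au'];

// Returns the URL when it is an absolute http(s) URL on an allowed host, else null.
function proxy_target($raw): ?string
{
    if (!is_string($raw)) {
        return null; // ?url[]=x arrives as an array, a missing parameter as null
    }
    // Rejects relative paths such as ./passwords.txt, but still accepts
    // other schemes (file://, ftp://), so it cannot be the only check.
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($raw);
    if (!is_array($parts)) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null; // non-web schemes (file://, ftp://, php://) stop here
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // no embedded credentials
    }
    return in_array($host, ALLOWED_HOSTS, true) ? $raw : null;
}

// Fetch without following redirects, so a 30x answer cannot point the proxy elsewhere.
function proxy_fetch(string $url)
{
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    return file_get_contents($url, false, $ctx);
}

// Constructed sample inputs; in the proxy the value is $_GET['url'] ?? null.
$samples = [
    'http://google.com.au',
    './passwords.txt',
    'file:///var/www/passwords.txt',
    'http://example.invalid/page',
];
foreach ($samples as $s) {
    printf("%-32s %s\n", $s, proxy_target($s) === null ? 'rejected' : 'accepted');
}
```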